From 876b0dcde88e6f9a938be15146daf8a500538014 Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski
Date: Mon, 10 Jun 2024 16:11:42 -1000
Subject: [PATCH] fix: :passport_control: Don't remove iss from current URL
---
 server/api/oauth/sso/:issuer/callback/index.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/server/api/oauth/sso/:issuer/callback/index.ts b/server/api/oauth/sso/:issuer/callback/index.ts
index e8f645f4..968481ea 100644
--- a/server/api/oauth/sso/:issuer/callback/index.ts
+++ b/server/api/oauth/sso/:issuer/callback/index.ts
@@ -69,11 +69,13 @@ export default (app: Hono) =>
 zValidator("param", schemas.param, handleZodError),
 async (context) => {
 const currentUrl = new URL(context.req.url);
+ const redirectUrl = new URL(context.req.url);
 // Remove state query parameter from URL
 currentUrl.searchParams.delete("state");
+ redirectUrl.searchParams.delete("state");
 // Remove issuer query parameter from URL (can cause redirect URI mismatches)
- currentUrl.searchParams.delete("iss");
+ redirectUrl.searchParams.delete("iss");
 const { issuer: issuerParam } = context.req.valid("param");
 const { flow: flowId, user_id, link } = context.req.valid("query");
@@ -82,7 +84,7 @@ export default (app: Hono) =>
 const userInfo = await manager.automaticOidcFlow(
 flowId,
 currentUrl,
- currentUrl,
+ redirectUrl,
 (error, message, app) =>
 returnError(
 {
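Review bot: Nothing in the comments of the first hunk explains why `currentUrl` and `redirectUrl` now differ, so a later cleanup could merge them again and silently drop `iss` from the URL that is handed to the flow for validation. I would add a comment above the two declarations, e.g. `// currentUrl: callback URL as received (minus state); keeps iss, presumably so the flow can check the response issuer. redirectUrl: used as redirect_uri, must not carry state or iss.` The existing `// Remove state query parameter from URL` comment also does not say why `state` is still stripped from `currentUrl`; if the `flow` query parameter is what binds the callback to the login attempt, that is worth stating there. The handler body starts and ends outside this hunk.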
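Review bot: The two adjacent `URL` arguments in the `manager.automaticOidcFlow(` call of the second hunk are easy to swap or duplicate again, which is the mistake this commit corrects, and nothing at the call site says which is which. A trailing comment on each line would help: `currentUrl, // callback URL as received, iss preserved` and `redirectUrl, // redirect_uri, state and iss removed`. The parameter roles are inferred from the variable names, since the signature of `automaticOidcFlow` is not part of the diff. The call continues past the end of the hunk.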